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Welcome to DEF CON 29, our first conference that 
is both physical and virtual, and an experiment of 
the "Stateless by Design” concept. Our theme is 
"You Can't Stop the Signal" 


What is the Signal? From the DC29 announcement 
"Мел though life changes - school ends, 
responsibilities accrue - the signal is always there. 
Calling us back to the company of the people who 
understand us, who light up at the same things we 
do. We want to share what we've learned. We want 
to learn what others have to share. We want to 
teach and be taught and move the culture forward. 
We want to do our part to construct a future as free 
and open, as secure and as resilient as the tribe 
that's building it. That's the signal. That's why the 
years, the miles and any number of calamities 
don't stop it." 


As you hang out at our pool soaking in the sun and 
music, or are deep in a stack trace tr a contest 
take a moment to think about what an amazing 
community we have built, and try something new. 
Try a new contest, listen to new music, or learn 

a new physical skill like lock-picking. It sounds 
simple that the Signal is us, supporting each other, 
but it can get complicated. 


DEF CON believes in speaking truth to power, 
verifying and testing what you are told, and that 
you need privacy and security at the same time or 
you get neither. It should be legal to repair and 
test products you have paid for, and corporate 
control should not be a requirement to be on-line. 
An open internet can elevate everyone, and that 
your hacking identity is what you do, not what 
you look like. 
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The pandemic reminds us that there is no real 
boundary between hacking and politics, that there 
are political implications in the kinds of hacking 
we do. For example the DEF CON Voting Machine 
Hacking Village went from the obscure to the front 
page, and altered the trajectory of how elections 
are run for the better by doing what we do best 

- hacking technology. The results provided the 
details needed by other voting integrity groups to 
advance their work, and signaled that hackers can 


contribute more fo society than just “finding bugs”. 


| believe we can only engineer ourselves out of 
policy problems for so long until we are forced to 
confront the issues. 


As the internet fractures into “more open” and 
“less open” domains the Signal is being distorted 
and А | have been thinking more about 
“What can | do to support the Signal?” First | 

will work to preserve history by Posting hacking 
conference archives on infocon.org. Second our 
own services are not tied to а mega platform, 
giving hacking communities a place to grow 

on forum.defcon.org, and making everything 
accessible over Tor to help those in censored 
countries. Finally | will work to build policy@ 
DEFCON to help give our community a voice, 
bringing the hacking perspective to policymakers, 
and policymakers to the hackers. Let’s all continue 


to engage in super nerd hacking while being aware 


of the implications fo those around us. This is the 
signal DEF CON will amplify. Now let's party! 


The Dark Tangent 


A hybrid con needs a hybrid badge. Designed to still be useful after the con, the badge is a customizable 
macro pad, but it's so much more than that. As the new.badgemakers, we wanted to encourage more 
interaction, so the badge has no less than 6 connectors for you to interface with your 
fellow attendees! Use the edge connectors for a quick pairing, or use 

a USB cable for a little more distance and maybe play a game while 
you're connected. For those attending virtually, the badge can help you 
control discord or you can remap the keys to do anything you want. 


Regardless of where you are, the signal doesn’t 
propagate on its own. It needs our help to expand and 
reach our fellow hackers, inviting them to join us as we 
share and learn from each other. There may even be a 
challenge associated with it... 
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We've provided some legends below for you to customize 
your keycaps. There's even some blank ones so you can 
make yours truly unique. We hope you have fun and enjoy 
the badge! 


-MK Factor (Michael @compukidmike and Katie © 
ktigeekmom) 
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intentionally-left blank 


Browse and leech files from all the past DEF CON conferences and find this year's presentation materials, 
white papers, slides, etc. 


Since last year the DEF CON collection has been updated as well as 
many more hacking conferences added to the infocon.org collection. 


We expect you to leech at full speed, and the server is warmed up and 
ready to go. Enjoy! 


To make hing: easier for you here are some example wget commands 
and TLS certificate information: 


The dc29-media.defcon.org TLS certificate fingerprint: 

Serial Number: 4£075(2E27787E25BC4D(D18CC6C3EE1 

(SHA256) 6ADC FB28 0С01 98CD D45F 5802 6CFF 905E CA19 F95F 

EXAMPLE wget command to download all of DEF CON 25: 

wget -np -m “https://dc29-media.defcon.org/infocon.org/cons/DEF CON/DEF CON 25/" 


Network-Instructions: 


After taking a mandatory break last year, the DEF 
CON NOC is happy to be back in Vegas delivering 
the best zero-trust network access Vadit the 
Paris and Bally's conference floors. Obviously using 
all of the the blockchainz, machine learningingz, 
Alz with shift left testing and whatever other 
marketing term people use these days. 


If you want to get online using the Wi-Fiz, 
remember there are two (and only two) official 
ESSIDs you should use to post your TikTok videos: 


Despite the fact that the 802.1X authentication has 
been pretty stable for the past few years, never 
forget we're talking about the Wi-Fiz, drivers and 
possible interoperability issues. 


Believe or not, we test stuff before we go onsite. 
But like any other technology, things change on 
how operating systems, drivers "s users deal 
with the Wi-Fiz. There are might be some devices 
out there that really do not like 802.1X with PEAP 
authentication. 


In particular, for quite a while some Android 
platforms wouldn't verify the RADIUS server 


certificate prior to sending the user's credentials 
fo enter the network. As of DC 27 and our latest 
testing, all is well for this year. (and those were 
the last words) 


802.1X pro-tip: By configuring 802.1X and choosin 
for your device to "not verify server certificate" wil 
grat not only let that device connect to one of 
the hundreds of rogue access points on the show 
floor but will also send your login credentials to a 
rogue radius server. This is no [к and defeats 
the whole purpose of this authentication method. 


Another Captain Obvious special, but it has to be 
said: Be an advocate of cyber common sense (™), 
and do not, | repeat, do NOT choose the same 
credentials (aka: username and password) used 
for your important stuffz, like shopping sites, 
online-banking, the pornz, your windows domains 
(yeah, it happened before) to connect to the 
hacker conference network. Make something up, 
be creative, and funny. Like a clown. 


For updated information and instructions on how to 
connectto.the Wi-Fi with the n0t-50-1337 Operating 
Systems along with the link to download the 
digital certificate.to be.used, visit 

And if you'don’t-know how to properly 
configure the Wi-Fiz on your üb3r-1337 linux 
distro, you'should consider a.new platform. 


For NOC updates visit https://noc.defcon.org , and 
also follow us on twitter. @DEFCON_NOC. 


Don't forget to subscribe and smash that 
notification button, will ya? 


COC 


Conference Code of Conduct 
Last updated 3.6.15 


DEF CON provides a forum for open discussion between participants, where radical viewpoints are 
welcome and a high degree of skepticism is expected. However, insulting or harassing other participants is 
unacceptable. We want DEF CON to be a safe and productive environment for everyone. It's not about what 
you look like but what is in your mind and how you present yourself that counts at DEF CON. 


We do not condone harassment against any participant, for any reason. Harassment includes deliberate 
пша and targeting individuals in a manner that makes them feel uncomfortable, unwelcome, or 
afraid. 


Participants asked to stop any harassing behavior are expected to comply immediately. We reserve the 
right to respond to harassment in the manner we deem appropriate, including but not limited to expulsion 
without refund and referral to the relevant authorities. 


This Code of Conduct applies to everyone participating at DEF CON - from attendees and exhibitors to 
speakers, press, volunteers, and Goons. 


Anyone can report harassment. If you are being harassed, notice that someone else is being harassed, or 
have any other concerns, you can contact a Goon, go to the registration desk, or info booth. 


Conference staff will be happy to help participants contact hotel security, local law enforcement, or 
otherwise assist those experiencing harassment to feel safe for the duration of DEF CON. 


Remember: The CON is what you make of it, and as a community we can create a great experience for 
everyone. 


- The Dark Tangent 
Official Sites U.S. Social Media Bally's Pool 
Website: https://defcon.org (3 Twitter: https://twitter.com/defcon Thursday Friday Saturday 


DEF CON Media: hitps://media.defcon.org ғ Facebook: hitps://facebook.com/defcon/ 
DEF CON Groups: https://defcongroups.org © bet /www.instagram.com/ 


DEF CON Forums: https://forum.defcon.org Reddit hips Гө аі соту econ 


e All the DEF CON services BALLY'S POOL PARTIES DAILY 13:00-24:00 i 
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Into the System: DEF CON 
GTF 29 


DC CIF 28 was nothing like anyone ever imagined—The 
game was hosted in the cloud and teams competed virtually 
from around the globe, and also around the clock: four 
shifts of eight hours, with nine hours between shifts. During 
this brutal 32 hours of competition the teams played 
blackjack in Conway's Game of Life, hacked a Manchester 
parallel machine, created an Al using only ROP, and 
demonstrated many other impressive hacking skills. At the 
end of a close competition, А*0*Е emerged sleep-deprived 
yet victorious. 


During the Order’s time in quarantine, we turned our focus 
inward. We tried to picture clusters of information as they 
moved through the computer. What did they look like? 
Ships? Motorcycles? Are circuits like freeways? We kept 
dreaming of a world we thought we'd never see. And then, 
one day... We got in. 


What we found was a nightmarescape System of restricted 
devices, advertisementriddled operating systems, spyware, 
DRM, and planned obsolescence. This isn't the blissful open 
future Users were promised. This isn't freedom. 


And now, we need you. Go inward, young hacker, go inward 
and study the System. Learn about the System, every 
aspect of the System, better than those who created it. Use 
your knowledge to make the impossible possible. Use your 
knowledge to hack. Use your knowledge to free the system. 
Use your knowledge to protect the User. 


Above all, use your knowledge to protect the Signal. 
Capture the Flag? 


Capture the Flag is a hacking competition in which teams 
compete to out-hack each other. Originating over two 
decades ago at DEF CON 4, CTF has now grown to become 
a global phenomenon. CTFs are held every weekend, and 
teams join online or fly around the world to test their skills 


Traditionally, DEF СОМ СТЕ has been an “attack/defense” 
CIF: teams are provided identical sets of network services, 
and must defend their instances of these programs while 
exploiting vulnerabilities in the instances run by their 


opponents. That being said, each organizer has leeway to 
shape the game to their vision. We have introduced twists 
on the format, and will continue to tinker and experiment 
throughout our tenure. 


Only the top teams in the world are invited to DEF CON. 
Teams qualify by performing well in the DEF CON Qualifier 
event (held online in May) or by winning HITCON CTF, hxp 
(ТЕ Plaid CTF, or pwn2win. 


This year, more than 1,200 teams tried to qualify, 103 
solved two or more challenges. Among these worthy 
competitors we have gathered the world’s top 16 teams: 


DiceGang Plaid Parliament of Pwning 
HITCON > Balsn PTB/WTL 

Katzebin r3kapig 

mhackeroni Shellphish 

NorseCode StarBugs 
SAGAMENuIL Perfect xi Guesser 
ooorganizers Tea Deliverers 

pasten fi 


Come watch them hack in the CTF room. One day, you may 
take their place. Or ours. 


Who is the Order of the 
Overflow? 


We have been here for a while. We wandered the halls in 
awe of the master hackers at DEF CON 9. We spent sleepless 
nights competing against them every year since DEF CON 12. 
We have been the hackers, and we have been the hacked. 
Now, as the organizers of DEF CON CTF, we hope to shepherd 
the game through the next generation of technological and 
societal shifts. Just as importantly, we strive to keep DEF 
CON CTF a spectacle that can be used to inspire the next 
generation, who, just like we used to do, will first wander 
the halls in awe of the players and then hack them to shreds 
a decade later. 


Resources 

The following resources may be helpful to interested 

hackers! 

Шор: htips;//www.oooverflow.io/ philosophy. 
tm 


Game announcements: hitps://twitter.com/oooverflow 
DEF CON CIF scoreboard: https;//cif.oooverflow.io 

CIF tracker: hitps://ctftime.org 

We hope to see you play in finals next year! 


CONTESTS 


For full details and links go to https://defcon.org/ 
html/defcon-29 /de-29-cne.html 


Hacker Jeopardy 


Friday: 20:00-22:00, Saturday: 20:00-22:00 
Location: Track 1, Ballys 


Whose Slide іс it Anyway 
Friday:-22:00-24:00 
Location: Track 1, Bally's 


Drunk Hacker History 


Saturday: 22:00-24:00 
Location:-Track 1, Bally's 


Maps of the Digital 
Lands 

Friday: 10:00-21:00, Saturday: 10:00-21:00, 
Sunday: 10:00-12:00 

Location: Onsite - Contest floor 


Beverage Cooling 
Contraption Contest 


Friday: 10:00-14:00 
Location: Onsite - Сопіеѕі оог 


SEACTF: Maritime 
Hacking CTF 

Friday: 10:00-21:00, Saturday: 10:00-21:00, 
Sunday: 10:00-12:00 

Location: Onsite - Contest floor 


Autonymaus Driving СТЕ 
Friday: 10:00-21:00, Saturday: 10:00-21:00, 
Sunday: 10:00-12:00 

Location: Hybrid? Contest floor 


eSports League 
Tournament 


Friday: 10:00-21:00, Saturday: 10:00-21:00, 
Sunday: 10:00-12:00 
Location: Hybrid - Contest floor 


Coindroids 


Friday: 10:00-21:00, Saturday: 10:00-21:00, 
Sunday: 10:00-12:00 
Location: Hybrid - Contest floor 


DG29 CTF 

Friday: 10:00-21:00, Saturday: 10:00-21:00, 
Sunday: 10:00-12:00 

Location: Hybrid - Contest floor 


DEF CON MUD 

Friday: 10:00-21:00, Saturday: 10:00-21:00, 
Sunday: 10:00-12:00 

Location: Hybrid - Contest floor 


DEF CON Next Top 
Threat Model 


Friday: 10:00-18:00, Saturday: 10:00-18:00 
Location: Hybrid - Contest floor 


DEF CON Scavenger 
Hunt 


Friday: 10:00-21:00, Saturday: 10:00-21:00, 
Sunday: 10:00-12:00 
kocütion: Hybrid - Contest floor 


EFF Tech Trivia 
See Website 
Location: Hybrid - Contest odr 


Cyber Warrior Network 


CONTESTS 


Hackfortress 

Friday: 10:00-21:00, Saturday: 10:00-21:00, 
Sunday: 10:00-12:00 

Location: Hybrid - Contest floor 


Red Team CTF 

Friday: 10:00-21:00, Saturday: 10:00-21:00, 
Sunday: 10:00-12:00 

Location: Hybrid - Contest floor 


Secure Coding 
Tournament CTF 


Friday: 10:00-21:00, Saturday: 10:00-21:00; 
Sunday: 10:00-12:00 
Location: Hybrid - Contest floor 


The Schemaverse 
Tournament 


Friday: 10:00-21:00, Saturday: 10:00-21:00, 
Sunday: 10:00-12:00 
Location: Hybrid - Contest floor 


Tin Foil Hat Contest 
Friday: 10:00-21:00, Saturday: 10:00-21:00, 
Sunday: 10:00-12:00 

Location: Hybrid - Contest floor 


AppSec Village (CTF)2 


Village Hours 
Location: AppSec Village 


BIC Village CTF 


Friday 10:00 - Saturday 15:00 
Location: BIC Village 


Capture the Packet 
Village Hours 
Location: Packet Village 


10 


Car Hacking Village CTF 


Friday: 10:00-24:00 
Location: Car Hacking Village 


Crack Me If You Can 
Fri 10:00 - Sat 21:00 
Location: Password Village 


The Gold Bug 


Village Hours 
Location: Crypto and Privacy Village 


Hack the Plan[3]t 
Village Hours 
Location: ICS Village 


Hospital Under Siege 


Village Hours 
Location: Biohacking Village 


OpenSOc Blue Team CTF 


Village Hours 
Location: Blue Team Village (Online) 


Radio Frequency CTF 


Village Hours 
Location: RF Hacker Santuary 


SOHOpelessly Broken 


СЕ 


Friday: 10:00-21:00, Saturday: 10:00-21:00, 
Sunday: 10:00-12:00 


Location: 10T Village 


Testnet Cointest 

Friday: 10:00-21:00, Saturday: 10:00-21:00, 
Sunday: 10:00-12:00 

Location: Cryptocurrency Village 


CMD*t*CTRL 
Friday: 10:00-17:00, Saturday: 10:00-17:00 
Location: Online only 


Hack3r Runw(a3y 

Friday: 10:00-21:00, Saturday: 10:00-21:00, 
Sunday: 10:00-12:00 

Location: Online only 


Kubernetes CTF 
Friday: 10:00-23:00, Saturday: 10:00-18:00 
Location: Online only 


Red Alert ICS CTF 
Friday: 10:00-18:00, Saturday: 10:00-18:00 
Location: Online only 


Salty Sensor Contest 
Friday: 10:00-21:00, Saturday: 10:00-21:00, 
Sunday: 10:00-12:00 
Location: Online only 
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Short Story Contest 


May 1, 2021--June-15;-2021 
Location: Online only 


sticker Design Contest 


Pre-DEF CON 
Location: Online only 


TeleChallenge 

Friday: 10:00-21:00, Saturday: 10:00-21:00, 
Sunday: 10:00-12:00 

Location: Online only 


TraceL abs OSINT 
Search Party CTF 


Friday: 10:00-16:00 
Location: Online only 
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PACKET DETECTIVE | PACKET INSPECTOR | WALL OF SHEEP | CAPTURE THE PACKET 
WALK-THROUGH WORKSHOPS | PHV WORKSHOPS | PHV TALKS | wasnJca 


PARTIES /MEETUPS 


For more details and links, visit the Parties & Meetups page at https://defcon.org/html/defcon-29 /dc-29-parties.html 


mom 


Thursday, Friday, Saturday from 16:00 - 18:00 at 
Bally's Pool 


Mes 


Thursday, 1600-2200 Off-site at Sunset Park, 
Pavilion F, (36.0636, -115.1178) 


[In-Person] 


Thursday, Friday, Saturday, Sunday from 13:00 - 
24:00 at Bally's Pool 


ШІЛТЕН 


Friday and Saturday from 20:00 - 22:00 in Track 2 
Friday: Tron, Saturday: Upgrade 


"Tin Person] 
Friday: ER I 


[In-Person] 
Friday from 20:00 - 22:00 at Ballys, Skyview 4 


[In-Person] 
Friday from 2000 - 2200 at Bally's, Skyview 3 


"Vampire the > 
: Masquerade: 


[In-Person] 
Friday from 20:00 at Bally's Skyview 2 
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‘Hacker 


[In-Person] 
Saturday from 22:00 at Paris, Chillout 2 


'DC404/DC678/DC770/: 
:DC470 (Atlanta DES 
¿Meetup 


[In-Person] 
Saturday from 17:00 - 19:00 at Bally's Skyview. 2 


[Hybrid] 
Saturday from 21:00 - 02:00 at Bally's Skyview 3 


[In-Person] 


Meetings at Noon & 5pm Thurs-Sat, Noon Sun at 
Bally's Pool Cabana 


[In-Person] 
Friday from 18:00 - 20:00 at Bally's Pool Cabana 


[Online] 
Friday from 06:00 - 16:00 on Discord 


[Online] 
Friday, Saturday from 18:00 - 00:00 on Discord 


[Online] 
Friday from 21:00 - 02:00 on Discord 


VILLAGES 


For complete details and links, visit the Villages page at htips://defcon.org/htm|/defcon-29 /dc-29-villages.himl 


AppSec Village 

Friday: 10:00 - 17:00, Saturday: 10:00 - 17:00, 
Sunday: 10:00 - 13:30 

Location: Hybrid, Paris Ballroom 

Harn Radio Village 

Friday: 10:00 - 16:00, Saturday: 10:00 - 17:00, 
Sunday: 10:00 - 14:00 

Location: Hybrid, Bally's, Bronze] & 2 


Packet Hacking Village 


Friday: 09:00 - 18:00, Saturday: 09:00 - 18:00, 
Sunday: 09:00 - 14:00 
Location: Hybrid, Paris Ballroom 


Cryptocurrency Village 


Friday: 10:00 - 17:00, Saturday: 10:00 - 17:00, 
Sunday: 10:00 - 17:00 
Location: Hybrid, Paris, Champagne 1 


Aerospace Village 

Friday: 10:00 - 16:00; Saturday:-10:00-- 16:30 
Location: Paris Ballroom 
BCOS'VillacGe 


Friday: 09:00 - 17:00, Saturday:.09:00 - 17:00, 


Sunday: 09:00 - 15:00 
Location: Paris Ballroom 


Car Hacking Village 


Friday: 10:00 - 16:30, Saturday: 10:00 - 16:30 
Location: Paris Ballroom 


Data Duplication Village 


Thursday: 16:00 - 19:00, Friday: 10:00 - 17:00, 
Saturday: 10:00 - 17:00, Sunday: 10:00 - 11:00 
(Last chance pickup) 


Location: Bally's Palace 7 


Hardware Hacking 
Vilage 


Friday: 09:00 16:00, 09:00 - 18:00 Online, 
Saturday: 09:00 - 16:00, 09:00 - 18:00 Online, 
Sunday: 09:00 - 13:00, 09:00 - 16:00 Online 


Location: Hybrid, Bally's, Bronze 3 & 4 
Password Village 

Friday: 09:00 - 15:00, Saturday: 09:00 - 15:00 
Location; Paris Ballroom 

Rogues Village 

Friday: 10:00 - 18:00, Saturday: 10:00 - 18:00, 
Sunday: 10:00 - 14:00 

Location: Paris Ballroom 


Soldering Skills Village 
Friday: 09:00 - 16:00, 09:00 - 18:00 Online, 


Saturday: 09:00 - 16:00, 09:00 - 18:00 Online, 
Sunday: 09:00 - 13:00, 09:00 - 16:00 Online 


Location: Bally's, Bronze 3 & 4 
Voting,Machine Hacking 
Village 


Friday: 10:00 - 17:00, Saturday: 10:00 - 17:00, 
Sunday: 10:00 - 14:00 
Location: Paris Ballroom 


B..C. (ві=ск= 15 
Cybersecurity) Village 


Friday: 10:00 - 17:00, Saturday: 10:00 - 17:00 
Location: Bally's Event Center Office 
Security Leaders Village 


Friday: 10:00 - 19:00, Saturday: 10:00 - 19:00, 
Sunday: 10:00 - 14:00 
Location: Paris Ballroom 
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VILLAGES 


loT Village 

Friday: 10:00 - 19:00, Saturday: 10:00 - 19:00 
Location: Hybrid, Paris Ballroom 
Adversary Village 

Friday: 12:00 - 19:00, Saturday: 10:00 - 17:00, 
Sunday: 10:00 - 17:00 

Location: Virtual 

Cloud Village 

Friday: 10:00 - 17:00, Saturday: 10:00 - 17:00, 
Sunday: 10:00 - 14:00 

Location: Virtual 


Hack’ The Sea 


Friday: 10:00 - 18:00, Saturday: 10:00 - 18:00, 


Sunday: 10:00 - 17:00 
Location: Virtual 


Lock Bypass Village 


Friday: 09:00 - 19:00, Saturday: 09:00 - 19:00, 

Sunday: 09:00 - 17:00 

Location: Virtual 

Lock Pick Village 

Friday: 10:00 - 19:00, Saturday: 10:00 - 19:00, 

Sunday:-10:00 - 17:00 

Location: Virtual 

Payment Village 

Thursday: 09:00 - 14:00, Friday: 09:00 - 14:00, 
Saturday: 09:00 - 14:00, Sunday: 09:00/- 14:00 
Location: Virtual 


Recon Village 


Friday: 10:00 - 18:00, Saturday: 10:00 - 18:00 
Location; Virtual 
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Al Village 


Friday: 09:00 - 17:00, Saturday: 09:00 - 17:00, 
Sunday: 09:00 -16:00 

Location: Virtual 

Biohacking Village 
Thursday: 10:00 - 18:00, Friday: 10:00 - 18:00, 
Saturday: 10:00 - 18:00, Sunday: 10:00 - 14:00 
Location: Virtual 

Bilge Team Village 

Thursday: 09:00-17:00, Friday: 09:00-17:00; 
Saturday: 09:00-17:00, Sunday: 09:00-14:00 
Location: Virtual 


Crypto & Privacy Village 


Friday: 10:00 - 18:00, Saturday: 10:00 - 18:00, 
Sunday: 10:00 - 14:00 

Location: Virtual 

ICS Village 

Friday: 10:00 - 18:00, Saturday: 10:00 - 18:00, 
Sunday: 10:00 - 16:00 

Location: Virtual 


Radio Frequency Village 
(Formerly Wireless 
Village) 


Thursday: 09:00-19:00, Friday: 09:00-19:00, 
Saturday: 09:00-19:00, Sunday: 09:00-17:00 
Location: Virtual 


The Social Engimeering 
Village 

Friday: 10:00 - 18:00, Saturday: 10:00 - 18:00 
Location: Virtual 

CAHV Village 

Friday: 11:00 - 17:00, Saturday: 11:00 - 16:00 
Location: Virtual 


PRESENTATIONS 


ALL Times listed are Vegas Time. 
Check the DEF CON Speaker 


age at https://defcon.org/ 
him defcon-29/dc29 speukers 


html for abstracts and bios. 


Friday, August 
6th 


09:00 


Dark Tangent Welcomes 
everyone on Discord. 
Making the DEF CON 29 
Badge 


Michael Whiteley & Katie Whiteley 
Demo 


10:00 


cc a 
Welcome To DEF CON & 
Making the DEF CON 29 
Badge 


Dark Tangent, Michael Whiteley, & 
Katie Whiteley 


DGone Apple Pickin’: 
Red Teaming macOS 
Envirorttrents-in-202 


Cedric Owens 


HITP/2: The Sequel is 
Always Worse 


James Kettle 
Demo, Tool, Exploit 


11:00 


Special Guest 
Presentation with Dept of 
Homeland Security 


Secretary Alejandro Mayorkas 


2021-Our Journey 
Back To The Future ОЁ 
Windows Vulnerabilities 
and the 0-days we 
brought back with us 


Tomer Bar & Eran Segal 
Demo, Tool, Exploit 


Caught yov-reveal-and 
exploit IPC logic bugs 
inside Apple 

Zhipeng Huo & Yuebin Sun & 
Chuanda Ding 

Demo, Exploit 


12:00 


DHS Rebooting Critical 
Infrastructure Protection 


Panel with DEF CON Policy Panel 


Your House-is My House: 
Use of Offensive Enclaves 
In Adversarial Operations 
Dimitry “Ор Nomad" Snezhkov 
Demo, Tool 


Do You Like To Read? T 
Know How To Take Over 
Y6Ur Kindle With An 


E-Book 
Slava Makkaveev 


12:30 


The Mechanics of 
Compromising Low 
Entropy RSA Keys 


Austin Allshouse 


Worming through IDEs 


David Dworken 
Demo, Exploit 


13:00 


Ransomware’s Big 
Year - from nuisance to 
“scourge 


DEF CON Policy Panel 


Sleightof ARM: 
Demystifying Intel Houdini 


Brian Hong 
Demo 


eBPF, | thought we were 
friends! 

Guillaume Fournier,Sylvain Afchain, 
& Sylvain Baubeau 

Demo, Tool 


14:00 


MAVSH? Attacking from 
Above 


Sach 
Demo, Tool 


Hacking Humans with Al 
as a Service 


Eugene Lim & Glenice Tan & Tan 
Kee Hock 
Demo, Tool 


Rotten code, aging 
standards, & pwning 
IPv4 parsing across 
nearly every mainstream 
programming language 
Kelly Kaoudis & Sick Codes 

Demo, Exploit 
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15:00 


UFOs: Misinformation, 
Disinformation, and the 
Basic Truth 


Richard Thieme AKA neuralcowboy 


Abusing SAST tools! 
When scanners do more 
than just scanning 

Rotem Bar 

Demo 


ProxyLogon is Just the 
Tip of the Iceberg, A 
New Attack Surface 
on Microsoft Exchange 
Server! 

Orange Tsai 

Demo, Exploit 


16:00 


Defending against 
nation-state (legal) 
attack: how to build a 
privacy-protecting service 
in the era of ubiquitous 
surveillance 


Bill "Woody" Woodcock 


Bundles of Joy: Breaking 
macOS via Subverted 
Applications Bundles 
Patrick Wardle 

Demo 


The Unbelievable 
Insecurity of the Big Data 
Stack: An Offensive 
Approach to Analyzing 
Huge and Complex Big 
Data Infrastructures 


Sheila A. Berta 
Demo 
6 


17:00 


Do No harm; Health 
Panel : Live version 


A DEF CON Policy Panel 


Phantom;Attack: Evading 
System Call Monitoring 
Rex Guo & Junyuan Zeng 

Demo, Tool, Exploit 


Warping Reality-creating 
and countering the next 
generation of Linux 
rootkits using eBPF 

PatH 

Demo, Tool 


18:00 


Do No harm; Health 
Panel :-Live version 


A DEF CON Policy Panel 


Response Smuggling: 
Pwning HTTP/1.1 
Connections 

Martin Doyhenard 

Demo, Exploit 


How І use a JSON 
Deserialization Oday to 
Steal Your Money On The 
Blockchain 

Hao Xing & Zekai Wu 

Demo, Exploit 


Saturday, 
August 7th 


10:00 


High-Stakes Updates | 
BIOS RCE OMG WTF 
BBQ 

Mickey Shkatov & Jesse Michael 
Demo, Tool, Exploit 


Crossover Episode; The 
Real-Life Story of the First 
Mainframe Container 
Breakout 

lan Coldwater & Chad Rikansrud 
(Bigendian Smalls) 

Demo 


Privacy Without 
Monopoly: Paternalism 
Works Well, But Fails 
Badly 


Cory Doctorow 


11:00 


Hacking Viber Messenger 
with Oday Vulnerabilities: 
Sniffing and 065 
Samarkand 

Demo, Tool, Exploit 


UPnProxyPot: fake the 
funk, become a blackhat 
proxy, MITM their TLS, 
and scrape the wire 

Chad Seaman 

Tool 


DISCSBEY_ 


Wibbly Wobbly, Time 
Wimey - What's Really 
Inside Apple's U1.Chip 
jiska & Alexander Heinrich 
Demo, Tool 


12:00 


Racketeer Toolkits 
Prototyping Controlled 
Ransomware Operations 
Dimitry “Op_Nomad” Snezhkov 
Demo, Tool 


Time Turner-Hatking.RF 
Attendance Systems (To 
Be in Two Places at Once) 
Vivek Nair 

Demo, Tool 


Bring Your Own Print 
Driver Vulnerability 


Jacob Baines 
Tool, Exploit 


12:30 


Hack the hackers: Leaking 
data over SSL/TLS 

lonut Cernica 

Demo, Exploit 


А new class of DNS 
vulnerabilities affecting 
many DNS-as-Service 
platforms 

Shir Tamari & Ami Luttwak 
Demo 


13:00 


PINATA: РІМ Automatic 
Try Attack 

Salvador Mendoza 

Demo 


Defeating Physical 
Intrusion Detection Alarm 
Wires 

Bill Graydon 

Tool 


TEMPEST radio station 


Paz Hameiri 
Tool 


14:00 


SPARROW: A Novel 
Covert Communication 
Scheme Exploiting 
Broadcast Signals in LTE, 
5G & Beyond 


Reza Soosahabi & Chuck McAuley 
Demo, Exploit 


Over-the-air remote 

code execution on the 
DEF CON 27 badge vid 
Near Field Magnetic 
Inductance or World's first 
NFMI exploitation, sorta 
or OTARCEDC27NFMI- 
OMGWTFBBQ 


Seth Kintigh 
Demo, Tool, Exploit 


Sneak into buildings with 
KNXnet/IP 

Claire Vacherot 

Demo 


15:00 


Hacking G Suite: The 
Power of Dark Apps 
Script Magic 

Matthew Bryant 

Tool 


Central bank digital 
eU threats and 


Vulnerabilities 

lan Vitek 

Exploit 
БШШШ: 


Breaking Secure 
Bootloaders 
Christopher Wade 
Demo, Tool, Exploit 


16:00 


New Phishing Attacks 
Exploiting OAuth 
Authentication Flows 
Jenko Hwong 

Demo, Tool 


PunkSPIDER and 
lOStation: Making a Mess 
All Over the Internet 
_hyp3ri0n aka Alejandro Caceres 
& Jason Hopper 

Demo, Tool 


Adventures.in MitM-land: 
Using Machine-in-the- 
Middle to Attack Active 
Directory-Authentication 
Schemes 

Sagi Sheinfeld & Eyal Karni & 
Yaron Zinar 

Demo 


17 


PRESENTATIONS 


17:00 


Yov're Doing loT RNG 


Dan “AltF4” Petro & Allan 
"DwangoAC" Cecil 


Hacking the Apple 
AirTags 

Thomas Roth 

Demo, Tool 


Don't Dare to Exploit An 


Attack Surface Tour of 
SharePoint Server 
Yuhao Weng & Steven Seeley & 
Zhiniang Peng 

Demo, Exploit 


18:00 


HACKERS INTO THE 
UN? Engaging in the 
cyber discussions on war 
& peace 


DEF CON Policy Panel 


Offensive Golang 
Bonanza: Writing Golang 
Malware 

Ben Kurtz 

Demo, Tool, Exploit 


Vulnerability Exchange: 
One Domain Account 
For More Than Exchange 
Server RCE 


Tianze Ding 
Demo, Tool, Exploit 


Sunday, August 
8th 


10:00 


A Discussion with Agent X 
Agent X 


Hi! I’m DOMAIN\Steve, 
please let me access 
VLAN2 


Justin Perdok 
Demo, Tool, Exploit 


Taking Apart and Taking 
Over ICS & SCADA 
Ecosystems:-A-Case Study 
of Mitsubishi Electric 

Mars Cheng & Selmon Yang 

Demo, Tool 


11:00 


The PACS-man Comes 

For Us All: We May Be 
Vaccinated, but Physical 
Access Control Still Sucks 
Babak Javadi & Nick Draffen & Eric 
Betts & Anze Jensterle 

Demo, Tool, Exploit 


Glitching RISC-V chips: 
MTVEC corruption for 
hardening ISA 

Adam 'pi3' Zabrocki & Alex 
Matrosov 

Demo, Exploit 


Fuzzing Linux with Xen 


Tamas K Lengyel 
Demo, Tool 


12:00 


DoS: Denial of Shopping- 
-Analyzing and Exploiting 
(Physical) Shopping Cart 
Immobilization Systems 


Joseph Gabay 


No Key? No PIN? No 

Combo? No Problem! 

POwning ATMs Ров Fun 
and Profit 

Roy Davis 

Demo 


Breaking TrustZon&-M: 
Privilege Escalation on 
LPC55S69 


Laura Abbott & Rick Altherr 
Demo, Exploit 


13:00 


Extension-Land: exploits 
and rootkits in your 
browser extension§ 
Barak Sternberg 

Demo, Tool, Exploit 


Why does;my security 
camera Scream like a 
Banshee? Signal analysis 
and RE of a proprietary 
audio-data encoding 
protocol 

Rion Carter 

Demo, Tool 

Vid 0 
Timeless Timing Attacks 
Tom Van Goethem & Mathy Vanhoef 
Demo, Tool, Exploit 


14:00 


Robots with lasers and 
cameras (but no security): 
Liberating your vacuum 
from the cloud 

Dennis Giese 

Tool, Exploit 


Gld MacDonald Had a 
Barcode, Ғ-І-ЕІ САК 
Richard Henderson 

Demo 


Instrument and Find 
Out: Writing Parasitic 
Tracers for High(-Level) 
Languages 

Jeff Dileo 

Demo, Tool 


14:30 


The Agricultural Data 
Arms Race: Exploiting 
a Tractor Load of 
Vulnerabilities In The 
Global Food Supply. 
Chain. 

Sick Codes 

Demo, Exploit 


15:00 
TT ишы; 


Discord Closing 
Ceremonies 


Dark Tangent & DEF CON Goons 


16:00 
[Тш шшш 


DEF CON Сіовіһ 
Ceremonies; Black Badge 
Ceremonies 


with Dark Tangent & DEF CON 
Goons 


POLICY 


DEF CON 


If you're a hacker all the policy governing technology might seem 
opaque to you, and if you are а policymaker all the technology 
underpinning society might look like a black box. 


But we can fix all this! The Policy@DEF CON Team is offering two 
days of content connecting hackers with policymakers, and vice 
versa, to get a view into each others’ world. 


The program will cover a range of topics relevant to the DEF CON 
community such as securing critical systems like supply chains, 
elections, and critical infrastructure, to what role ү play in 
helping defend against attacks, what norms govern behavior in 
cyberspace, and the specific challenges raised by ransomware. 
Finally there will be discussion on how we all use this technology 
through regulations such as Section 230. 


Events take place from 10:00-17:00 Pacific on Friday and wo 
in the Skyview rooms atop Bally's. Check the website for full 
descriptions, specific times, and room assignments. 


https://defcon.org/html/defcon-29/dc-29-policy.html 


Friday from 2000 - 2200 at Bally's, Skyview 3 


One of our favorite parts of DEF CON every year is hearing about 
what other hackers have been up to with harrowing tales of red team 
exercises gone wrong, or so very right. We've also heard of valiant 
efforts of defense, from our blue team folks while waiting in Linecon. 
Do you have a cool “war story" to share? Would you like to listen to 
some fun stories from your fellow hackers? This is the place to be. 
Join the DEF CON CFP Review Board, Goons, and fellow hackers as we 
hunker in the (War Story) bunker. 


Sign up to be a storyteller, Friday near the workshop area 0900-1700 
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DEMO LABS 


For complete details and links, visit the Demo Labs page at https://defcon.org/html/defcon-29/dc-29-demolabs.html 


Cotopaxi 

In-person - Fri from 12:00 - 13:50 in Demolab 1 
Audience: Offense, Defense, AppSec, loT 
Depthcharge: A Framework 
for U-Boot Hacking 
In-person - Sat from 10:00 - 11:50 in Demolab 2 


Audience: Hardware / Embedded Systems - Both “offense” 


and “defense” within this audience 


Empire 

In-person - Fri from 14:00 - 15:50 in Demolab 2 
Audience: Offense 

Git Wild Hunt - A tool for 
hunting leaked credentials 
In-person - Sat from 12:00 - 13:50 in Demolab 2 
Audience: Offense, Vulnerability Assessment 
Open Bridge Simulator 


In-person - Fri from 14:00 - 15:50 in Demolab 1 
Audience: Hardware, Education, Defense 


Principal Mapper (PMapper) - 
Mapping Privilege Escalation 
and More in AWS IAM 


In-person - Sat from 10:00 - 11:50 in Demolab 1 
Audience: Defense, Cloud 

Shutter 

In-person - Sat from 14:00 - 15:50 in Demolab 1 
Audience: Offense 

The WiFi Kraken Lite 

In-person - Fri from 10:00 - 11:50 in Demolab 2 
Audience: Offense, Defense and Hardware 

AIS Tools 

virtual - Fri from 10:00 - 11:50 in Video 1 


Audience: Defense, students, researchers, product developers 


(but, like any good tool, can be used for offense) 


Frack 
virtual - Sun from 10:00 - 11:50 in Video 2 
Audience: Offense, Defense, OSINT 
Kubernetes Goat 


virtual - Sat from 10:00 - 11:50 in Video 1 
Audience: Offense, Defense 


Kubestriker - a blazing fast 
security auditing tool for 
kubernetes 


virtual - Fri from 14:00 - 15:50 in Video 1 
Audience: Offensive and Defensive Security Professionals, 
Security Auditors, Developers, Devops, Sysadmins, Devsecops 
and SRE professionals 

Mooltipass 

virtual - Fri from 10:00 = 11:50 іп Video 2 
Audience: Hardware, Defense 


ParseAndc - A Universal 
Parser and Data Visualization 
Tool for Security Testing 


virtual - Sat from 14:00 - 15:50 in Video 1 
Audience: White Hat Testing, Black Hat Testing 


геМціпе: An automated 
reconnaissance 
engine(framework) 


virtual - Sun from 10:00 - 11:50 in Video 1 
Audience: Offence and Defence on Web application Security. 
Ruse 

virtual - Sat from 10:00 - 11:50 in Video 2 
Audience: Consumer Mobile Offense 

Siembol 

virtual - Fri from 12:00 - 13:50 in Video 2 
Audience: Defense 
Solitude: A privacy analysis 
tool 

virtual - Fri from 12:00 - 13:50 in Video 1 
Audience: Mobile, Offense, Privacy enthusiasts. 
Tracee 

virtual - Sat from 12:00 - 13:50 іп Video 1 
Audience: Defense 

UsBsamurai 

virtual - Sat from 12:00 - 13:50 in Video 2 
Audience: Offense, Hardware, ICS 

Z2uthaka 


virtual - Fri from 14:00 - 15:50 in Video 2 
Audience: Offensive developers, Red Teamers Operators, 
C2 Developers 


VENDORS/MAP 


TOOL 


Keyport 


keuport 


Hacker Warehouse 


Shadowvex 


УХ 


Pen-Test Assistant 


Xcape 


[X 


Hacker Boxes 


Paris Ballroom 


REGISTRATION 


DEF CON 29 FLOORPLAN 


^ 
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CONTESTS. 


to Ball Pool 


Indigo Tower 
26th Floor 


DEF CON POLICY ROUNDTABLES & PANELS DURING THE DAY 
PARTIES & MEETUPS AT NIGHT 


Skyview 4 
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The Dark Tangent would like to thank everyone who has supported DEF 
CON and the hacking community though the past year. Honestly it can be 
very difficult to keep the signal alive with all the ups and downs, but one 
thing is dear, all of you who help teach us how to hack the shit out of it 
bring us together. So take it seriously when I say Thank You to EVERYONE 
who has made both in-person and virtual conferences possible. 


DEF CON is made possible by all the people who make up the following 
departments: CFP Review, Contests and Events, DCTV, DEF CON Groups, 
Demo Labs, Discord DevOps, Dispatch, Entertainment, Infobooth, 
Infrastructure, Parties, Press, Production, Policy@DEFCON, QM Stores, 
Registration, SOC, Speaker Ops, DEF CON Store, Vendor, Villages, and 
Workshops. 

Over 1,000 people came together to organize and made DEF CON possible 
both in-person and virtually. They are amplifying the signal! 


Thank you to the HQ staff for adapting as plans kept shifting: Cayce, Cot, 
Darington, Janet, Jeff, Neil, Nikita, Will, and a last minute assist from 
Wendy. It was not business as usual and | thank everyone for seeing 
itthrough. 


Td like to thank all the departments that had to work double hard this year, 
doing essentially twice the work. The complications of events switching last 
minute between in-person and virtual made planning extra complicated. 
We learned a lot these past months, but | hope we don't have to ever do it 
again. Ill see everyone at the pool party on the roof Sunday. 


Thank you to the badge designers, MK Factor, for dealing with the constant 
supply chain issues, deadlines, unknown quantites, and short time lines to 
pull off a badge that can work in person or remote. 


A special Thanks to Constwide Promotions, The Source of Knowledge, 
Tebbler Studios, Big R, Black Hat, and Caesars Entertainment- You have 
all been fantastic to work with and have gone above and beyond this 
past year. 


And finally a big thank you to those Goons who are retiring after over 

a decade -they have eamed a Gold badge and admission for life: Dave 
Mortman, Heather Blanchard, Nicole Tatrow, Randy Robbins (rcu83d), and 
Mark Carey (phorkus), retiring after 23 years as a Goon! 


Thank you everyone, this year has heen one of the most memorable, and 
hasen't even happend yet as | write this. See you soon! 


The Dark Tangent 


pwerack would like to thank the Speaker Operations staff for another year 
of great service to DEF CON and its speakers. These goons are #s0sayw3all, 
Agent X, archwisp, Bushy, CLI, Code24, Crash, DaKahuna, Ellopunk, Fallible, 
Flattire, g8, Gattaca, gdead, Goekesmi, idontdrivecars, Jinx, Jurlst, Jutral, 
Khole, kampf, kylef, MaltLiquor, manchmod, Milhouse, Mnky, mubix, 
notkevin, Pardus, Pasties, phliKtid, RoundRiver, Shadow, SIGAD, squirrel, 
stikk, SurrealKill3;, triwOlf, TruBlueFan, usak0, Vaedron and, as always, 
AMFYOYO! 


Thank you to all the journalists, bloggers, and podcasters who not only 
report on the developments from the event, but continue to be invaluable 
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contributors to the DEF CON community. A special thanks to the Press 
Goons who help us show up as the best version of ourselves, online & 
in-person: Claire, David, Jeff, Monika, Sean, and Sylvia. YF'@Wednesday 


Secret would like to thank all the Swag goons: Dasha, (1085, 10m4, 
Skyfall, Alex, Gili; Csp3r, Endsu, GOnZu1, gingerjet, Githur, H4zy, Heal, 
Leeneely, Loak, Magnar, Old Man Kat, Oobleck, Peej, rudy, spiggy, 
themikeconnor, theViking, webjedi, YutYutDoubleYut, and zubion for 
their hard work along with all the other departments who make DEF 
CON possible. 


Cotman thanks present Admins and moderators: DarkTangent, Neil, 
AlxRogan, ASTCell, Sleestak, Thorn. Cotman also thanks past admins and 
moderators on the DEF CON forums. Thanks everyone! 


ChrisAM would like to thank everyone responsible for this year's 
entertainment & decor: Krisz Klink, Great Scott, Zziks, dead, CTRL, stitch, 
davesbase, Zebbler Studios, Mobius, SomaFM, and all the DJs and artists 
who donated their time and talent to this event. 


RF and Ahab would like to thank the Dispatch Team, AsmodianX, Tadane, 
Archangel, Voltage Spike, BonBon, Fosgood, LOGIC, Rixon, wO0k, 

dymz, miggles, dirtdod, dli3ma, Shogo, TheKid, Merg, Offroad, skyria, 
TheKillerSpud, and Goon22. 


On behalf of ETA, SunSh1ne, ms7821, өр kedshell, AWildBeard, 
Buttersnatcher, Cell Wizard, shell, justif3y3, Vee, YoungBlood, йореп, 
Multigrain, Drimacus, slacker, alizarinMegalodon, Helium, SP3ZN45, 

| Geo, Q, RedAce, waz, гем, seven, netza, The Saint and Janet, 
Major Malfunction would like to UNTHANK Corona Virus for spoiling our 
party for the second year running, and the various Governments and 
Health Organisations of the world for failing to treat this as a health issue 
and politicsing it instead, thereby making it impossible for many of usto 
travel to be with you. My heart metaphorically bleeds and my eyes literally 
weep at the prospect of being separated from my Goon family and my 
Human brothers and sisters for the second year running... However, I'd like 
to THANK all those on the front line, whether they he researchers, doctors, 
nurses, volunteers, fund raisers, whatever. Your tireless efforts have literally 
saved our lives and | grieve for those that didn't make it. We've all lost 
someone and DEF CON is no exception. Several members of our extended 
family have perished in this pandemic and, again, we all grieve for them. 
As you read this, please take a moment fo think of them and resolve to 
pour one out for them at your next opportunity. We wish you all health and 
happiness and we love you all! Thank You for coming or attending virtually 
and see you next year! Cheers! 


еН, mac and DEF CON would like to thank the hard-working NOC Goons 
for making the on-site conference network, well, work. 


sparky, booger, CRV, COmmiebstrd, Dpli, c7five, Jon2, deadication, musa, 
wish, johntitor, MikeD and Toph put in long hours (some onsite and some 
remotely) in making sure everything worked at least at one point in time. 
And then got them fixed when you (or quite possibly we) broke something. 
As usual, also a huge thank you to Caesars IT and Encore for making our 
lives a bit easier. 


Janet and Ira share their appreciation to the Production team for surviving 
another year. Thanks to Wendy, Proctor, Scout, Adam, and Sparkle for 
ensuring that you pay no attention to the man behind the curtain. 


Littlebruzer and Littleroo would like to thank all of the NFO goons: 
Otter, 50 Caliber, Aask, algorythm, ARI666, Boudica, Bufo Alvarius, 
Cheshire, Hankashyyyk, jimi2x, Krav, madstringer, Nav, Nebberz, 
NymphaeaCoerulea, Paul, PEZHead, Razzies, S747IK, Sanchez, 
SchematicAddic,, ScurryFool, SmoOotchy, TACSAT, and Viva. 


A special shout out to the Apps and Web team: Муке, Advice Dog, derail, 
E aNullValue for their hard work on the mobile applications and the 
site. 


The entire NFO team would like to thank all of the humans for the 
interesting questions and allowing us to tell you where to go and how 
to get there. 


On behalf of demolabs, heisenberg would like to thank all the folks who 
put in submissions this year, and a special thanks to those who will be doing 
double duty - presenting in person and maintaining an online presence. i 
also would like to give a shout out to panadero and grifter for continuing 

1o support demolabs as part of contests and events, and to quartermaster, 
inhuman reg, noc, soc and production folks for their support. 


Magen and Sinderz would like to thank our in-person and virtual Workshop 
goons: mav, BinaryBuddha, Lawyerliz, Integgroll, n00bz, Dave, Beaker, 
Hlopunk, Fallible, Jen and Joe! Cardella, and Randominterrupt. We also 
would like to thank our Workshop Review board and the instructors for all 
of the time and energy they volunteered for the community as well as the 
teams who provide us support before and during the show (DT, Nikita and 
Neil, Janet, Will, Cotman, Darrington, Wendy, QM, NOC, and SOC). 


Thank you to all of the villages for their patience as we figured out this 
crazy year! Thank you to all of our amazing Goons as well. And thank you 
SO MUCH to the DEF CON staff for helping us navigate through it. Special 
thanks to Nikita for being the ‘catch all’ for questions | couldn't answer! 


Thank you to all of the vendors who could make it this year, and all of the 
Virtual vendors as wel! The luxury of shopping is one of the last bastions 
we need fo cross to return to a sense of normalcy, so their participation in 
DEF CON this year was greatly appreciated! And a big thank you to all of 
our Vendor Goons! Thanks to all of the DEF CON staff for their support, but 
a special thanks as always to Janet whom we couldn't do this without! 


xistence would like to first and foremost thank the meetups/parties that 
came forward at the last minute to help add to the DEF CON atmosphere 
and community, even as we navigated a new hybrid con world, and the 
chaos that ensued. | also want fo give a shout out to Nikita for all her help 
this year, as well as my small team who've been in contact, laughed, cried 
and memed with me throughout this “interesting” year: Pushpin, Rickglass, 
Skittles, s3gfault and cookiegurly! Also thanks to Janet, and Wendy for their 
support from the DEF CON staff side on helping making sure everything 
isin place and in order. My wish is that next year we will once again all be 
Together in Vegas, as | miss my friends and family! <3 


C and tacitus wish to thank kruger, BeaMeR, ZULU, dr.kaos, polish_dave, 
Priest, g33kspeed, Jbone, AdaZebra, fidgetspinner, Rez, Heylel, WhiteBrd, 
Hattori Hanzo, cymike, Havoc, Wasted, Mr. M, HoneyBadger, GOOdn113, 
пх, ZephrFish, Salem, BMP5I, Glasswalk3r, PrecOre, DoktorMayhem, 
duckie, тош, nohackme, Quiet Mike, cRusad3r, Sonicos, wham, 
Nothingness, loghiller, shuu, Infojanitor, Si, faz, Junior, MIM, Lordi, 
Spedione, Nextlnline, randOh, and Fox. 

Pax Per Imperium. 


Huge thanks to all the Human Registration goons for making things 
happen in person and online: Ox90ebfe, APT, Chimera, cstone, funnyguy, 
holmestrix, indigo, Joe630, Jup 113r, Phear, Pozer, qumqats, Temiel, 
UnderTaker, and wralth 


The DEF CON Groups board (April, Brent, Casey, Jayson, Sleestak, 800) 
offers our sincerest gratitude to DT, Nikita, and Will for their continued 
support and amazingness throughout the year! We would also like to give 
thanks and recognition to all DCGs for their awesome work being local 
‘hacker ambassadors’: DCGs are examples of the great things we can do 
when we come together with endless curiosity and the willingness to share 
our knowledge to the benefit of all. Each and every global DCG makes the 
world better through bits, bytes, wires, solder, and a lot of heart. Find your 
local community on defcongroups.org! “HUGS* to you all! <3 


Janet would like to thank all of you, department leads, goons, and 
everyone in between. Without you, this could not happen. 29 years of F'ing 
epic shenanigans! You rock!! Thank you!!! 


Nikita would like to thank The Dark Tangent, Alex and the DC29 Content 
Reviewers for Talks and Workshops: AlxRogan, Anullvalue, Ash, Beaker, 
camalOwnage, Suggy, Claviger, CyberSulu, DaKahuna, Dan Nelson, Dead 
Addict, Deanna, Dino, еп, Lawyerliz, HighWiz, Jay Healy, Magen Wu, 
Malware Unicom, Marcia Hoffman, Medic, n00bz, Roamer, Рита, 
SecBarbie, Shaggy, SinderznAshes, Snow, Solstice, Vyrus, Yan, Zfasel, Zoz. 
Massive thanks to Dept Leads, Janet & Kevin, Wendy, Neil, Bestie, The entire 
HQ team & Discord DevOps Team, Mad Props: Fidgetspinner, Log ARI, FOX, 
Rick Astley, Buggins & Squish. 


Grifter and panadero would like to thank all.of the Contest and Event 
organizers for the fime and talent they put into creating their varied events. 
DEF CON appreciates it, we appreciate it, and the attendees appreciate it. 
Many many thanks to all of the C&E Goons; apexxor, gomer, heisenherg, 
mOhgarr, pOlr phartacus, phorkus, psychoticide, reu83d, rugger, saltr, 
secove, stumper, and zero3. Your efforts, both physical and virtual, are 
what keeps this ship afloat. And last, but certainly not least, thank you to 
The Dark Tangent, Nikita, Neil, Darington, Will, and Janet for keeping us all 
moving in the right direction. 


Neil would like to thank Sleestak, & Nikita for help getting this book made. 
psterhoy for helping get all these hotels covered in signs. A big thank you 
to the DEF CON Deployment team. S4m GOld for working tirelessly to keep 
you all properly directed. 


ОСТУ thanks our team: Alex, GhostPepper, Hanna, Sandwich, Tuna, 
skw33k, and VideoMan. 


Riverside & DEF CON would like to thank the DevOps team: Fox, Respondo, 
VoltageSpike, Lightning, NightWolf, thephreak, Ari, McMayhem, Mubix, 
Mauvehed, TCMBC, BSE, (stone, FalconRed & the PHV team for all their 
additional assistance. 


Inhuman Registration would like to thank Cstone, Undertaker, Will, Nikita, 
Janet, Wendy, KC, McMayhem, Cylon, 50ph33 and all the department 
heads for putting up working with us. 


Sleestak would like to thank @marysafroart, Mark Apilado and © 
feline_lemon for the inspiring art they shared with us to help celebrate this 
year's theme. Can't stop the Signal. 
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